Our website uses cookies to help us improve the website itself. Also, our advertising partners may place their cookies on your device, so we can advertise our offers on their platforms. But don't worry, you may always restrain us from placing cookies or delete those, which had already been placed. Learn more at our privacy policy.

Ajax Hub updating procedure

The updating procedure is an integral part of the product development and improvement. Updates of Hub / Hub Plus operating system increase the stability and security of the system, optimize its performance, ensure compatibility with new devices and expand the capability list.

The Hub updates only when the security system is disarmed.

Update file size does not exceed 0.5 MB.

The update is loaded in the background, not affecting the system operation at all. The update installation takes less than 10 seconds.

Hub operating system update is optional. The automatic update can be disabled in the Hub settings.

How is the Ajax Hub operating system are updates

1. The Hub determines if there is an update for operating system on the server

The firmware file for the Hub is stored in the encrypted form on the Ajax Cloud server, and the server does not know the keys and the encryption method of the file. The access to the firmware database is provided only to a limited set of people in the company from the internal network of Ajax Systems. Since they have different levels of access, no one can make critical changes and sabotage the system. All actions are logged and monitored, and we know exactly who made the changes and when. Internal safety regulations prohibit the use of passwords to access the firmware database. SSH keys are used instead.

The Hub is connected to the server using the proprietary encrypted protocol. The authentication and verification system protects the server against forgery.

The Hub checks for operating system updates every 5 minutes. If the automatic update option is enabled in the Hub settings, the Hub is updated automatically. If this option is disabled, the mobile application offers to install the update. If the security system is armed when the Hub detects a new firmware, the update is loaded in the background, not affecting the system operation at all, and installed after disarming the system.

Protection technologies:

Access to the firmware database by SSH keys only.

Access privileges and logging of changes to the server.

Server authentication and verification systems.

Using the proprietary encrypted communication protocol.

2. Transferring the update file from the server to the Hub

Having detected the update file, the Hub starts downloading the firmware to the external flash memory using any available communication channel with the server: Ethernet or GSM. The download is carried out in the background, not affecting the system operation.

Protection of the transmitted data between the Hub and the server is provided by TLS combined with the security methods within the closed binary protocol.

Protection technologies:

TLS.

Using the proprietary encrypted communication protocol.

3. Checking the update file

The Hub firmware is encrypted and signed with a checksum. If the firmware file is corrupted (intentionally or due to transmission errors), it is ignored, since the checksums will not match.

If the intruder corrupts the encrypted firmware file and substitutes the checksum, the checksum inside the decrypted firmware file will still not match the signature and the Hub will reject the update file.

At most, the firmware file can be read from the external flash memory of the Hub. However, the decryption of this file with the capabilities of modern computers will take thousands of years.

The firmware file includes a system of markers and properties that are checked before the installation. Information about them is available to a limited set of people to exclude the possibility of sabotage. If any marker or property fails validation, the update is canceled. Thus, the Hub will not install the firmware from the Hub Plus.

Protection technologies:

Verification of checksums, markers and properties.

Encryption.

4. Hub firmware update

During the update, the encrypted firmware file is read from the external flash memory of the Hub by the bootloader, stored in the device microcontroller’s ROM.

The firmware is decrypted only inside the microcontroller, which cannot be accessed from the outside, therefore there is no possibility to read or substitute the firmware. Having decrypted the firmware file, the checksums are verified once more in order to make sure that no data was corrupted during the decryption process.

The bootloader inside the Hub also controls the correct operation of the Hub with a new firmware. If critical errors or malfunctions are detected, the Hub deletes the corrupted firmware version and reflashes the latest stable release.

Only a limited set of people knows how the stable firmware is selected and how the correct operation is controlled, which complicates the sabotage. The bootloader itself is not updated, thereby excluding the possibility of sabotage of the firmware rollback mechanism.

Protection technologies:

Checksum verification after decryption.

Critical error control.

Control of correct operation of the Hub with a new firmware.

After firmware update

The firmware update and the subsequent reboot of the Hub takes less than 10 seconds. After that, the Hub reconnects to the server. The connection time depends on the number of active communication channels and does not exceed 30 seconds. Notifications about alarms and events are stored in the events feed even during the Hub update.

Ajax application display the following messages to inform about the start and the end of the Hub firmware update process:

The automatic update is optional and can be disabled. To do this, go to the service settings of the Hub (Devices → Hub → Settings (⚙️) → Service) and disable “Firmware Auto-Update”.